Projects Heat & Cold Contact Us Login

Privacy Policy

Effective: April 8, 2026

Table of Contents

Data Controller

Dipl. Ing. (FH) Ewald Schilberz
SPENSO sports & energy solutions GmbH
Im Schelmböhl 40
64665 Alsbach-Hähnlein
Germany
Email: eschilberz@spenso.eu

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects affected.

Types of Processed Data

  • Contact data.
  • Content data.
  • Usage data.
  • Metadata, communication, and procedural data.

Categories of Data Subjects

  • Communication partners.
  • Users.

Purposes of Processing

  • Contact requests and communication.
  • Security measures.
  • Reach measurement.
  • Management and response to inquiries.
  • Feedback.
  • User-related profiles.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Applicable Legal Bases

Applicable legal bases under the GDPR: The following provides an overview of the GDPR legal bases on which we process personal data. Please note that, in addition to the GDPR, national data protection laws in your or our country of residence may also apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Legitimate interests (Art. 6(1)(f) GDPR) – The processing is necessary for the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override those interests.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations in Germany apply. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfers, and automated decision-making including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and Swiss Data Protection Act (DSG): These privacy notices serve to provide information both under the Swiss Federal Act on Data Protection (Swiss DSG) and under the General Data Protection Regulation (GDPR). Therefore, please note that, due to the broader territorial scope and for clarity, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG, such as “processing” of “personal data,” “overriding interest,” and “sensitive personal data,” the terms used in the GDPR, namely “processing” of “personal data,” “legitimate interest,” and “special categories of data,” are applied. The legal meaning of the terms, however, continues to be determined under the Swiss DSG where applicable.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection proportionate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, availability, and segregation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and responses to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and processes according to the principles of data protection by design and by default.

Transfer of Personal Data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of such data may include, for example, service providers responsible for IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with the recipients to ensure the protection of your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing occurs in the context of using services from third parties or disclosing/transferring data to other individuals, entities, or companies, this is done in compliance with legal requirements. If the data protection level in the third country has been recognized via an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, transfers are only made if the data protection level is ensured by other means, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfers (Art. 49(1) GDPR). In addition, we provide information about the legal basis of third-country transfers for individual providers from third countries, with adequacy decisions taking precedence. Information on third-country transfers and existing adequacy decisions can be found on the European Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

EU-US Trans-Atlantic Data Privacy Framework: Within the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the data protection level as adequate for certain U.S. companies under the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). In the context of these privacy notices, we inform you which of the service providers we use are certified under the Data Privacy Framework.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular those set out in Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to obtain confirmation as to whether personal data concerning you are being processed and to access such data as well as to receive additional information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal provisions, to request the completion of your personal data or the correction of incorrect personal data concerning you.
  • Right to erasure and restriction of processing: You have the right, under the applicable legal provisions, to request that your personal data be deleted without undue delay or, alternatively, to request a restriction of processing.
  • Right to data portability: You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of such data to another controller, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or the location of the alleged infringement, if you consider that the processing of your personal data violates the GDPR.

Use of Cookies

Cookies are small text files or other storage records that store information on end devices and can read information from these devices. For example, they can store login status in a user account, the contents of a shopping cart in an e-shop, accessed content, or functions used on an online service. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online services and generating analyses of visitor traffic.

Notes on consent: We use cookies in compliance with legal requirements. Therefore, we obtain prior consent from users, except where legally not required. Consent is generally not required if the storing and reading of information, including cookies, is strictly necessary to provide a telemedia service explicitly requested by the user (i.e., our online service). Strictly necessary cookies generally include those that support the display and functionality of the online service, load balancing, security, storage of user preferences and selections, or other purposes directly related to the provision of the main and ancillary functions of the online service requested by users. Revocable consent is clearly communicated to users and contains information about the respective use of cookies.

Notes on legal bases for data protection: The legal basis on which we process users’ personal data using cookies depends on whether we request consent from the users. If users give their consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed via cookies is handled based on our legitimate interests (e.g., for the operational management of our online service and to improve its usability) or, if necessary to fulfill our contractual obligations, when the use of cookies is required to meet these obligations. The purposes for which cookies are processed by us are explained in the course of this privacy policy or in the context of our consent and processing procedures.

Storage duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be retained, or preferred content displayed immediately when a user revisits a website. Similarly, data collected via cookies may be used for reach measurement. If we do not provide explicit information to users about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage duration may be up to two years.

General notes on withdrawal and objection (so-called “opt-out”): Users can withdraw their given consent at any time and object to processing in accordance with legal requirements. Users can, for example, restrict the use of cookies in their browser settings (although this may limit the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further notes on processing procedures, methods, and services:

  • Processing of cookie data based on consent: We use a cookie consent management system in which users’ consents to the use of cookies, or to the processing and providers specified in the cookie consent management system, are obtained, managed, and can be revoked by the users. The consent statement is stored to avoid repeated queries and to demonstrate consent in accordance with legal obligations. Storage can occur server-side and/or in a cookie (so-called opt-in cookie, or via similar technologies) to associate consent with a user or their device. Subject to individual information regarding the providers of cookie management services, the following notes apply: The storage duration of consent can be up to two years. A pseudonymous user identifier is generated and stored along with the time of consent, the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used; Legal basis: Consent (Art. 6(1)(a) GDPR).

Provision of Online Services and Web Hosting

We process users’ data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the users’ browser or device.

  • Types of data processed: Usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices, e.g., computers, servers); security measures.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing procedures, methods, and services:

  • Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files.” These server log files may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, message about successful access, browser type and version, user’s operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider. Server log files can be used both for security purposes, e.g., to prevent server overload (particularly in the case of abusive attacks, so-called DDoS attacks), and to ensure server performance and stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidentiary purposes are exempt from deletion until the respective incident is finally resolved.

Contact and Request Management

When contacting us (e.g., via post, contact form, email, telephone, or social media) or within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to answer contact inquiries and any requested actions.

  • Types of data processed: Contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected persons: Communication partners.
  • Purposes of processing: Contact inquiries and communication; management and response to inquiries; feedback (e.g., collecting feedback via online forms); provision of our online services and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Plugins and Embedded Features and Content

We integrate functional and content elements into our online service that are provided by the servers of their respective providers (hereinafter referred to as "third parties"). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that these third-party providers process users’ IP addresses, as they could not send the content to the users’ browsers without the IP address. The IP address is therefore necessary for displaying this content or functionality. We make every effort to use only content whose providers use the IP address solely for content delivery. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow information, such as visitor traffic on the pages of this website, to be analyzed. The pseudonymous information may also be stored in cookies on the users’ devices and may include technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online service, and may be combined with information from other sources.

  • Types of data processed: Usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness.

Created with the free Privacy Policy Generator by Dr. Thomas Schwenke